 
              Communication Systems Security Overview University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer
Organization
‣ I. Data and voice communication in IP networks
‣ II. Security issues in networking
‣ III. Digital telephony networks and voice over IP
Security in Computer Networks
‣ This lecture – a broader introduction to the problems of open networks and to the types and points of possible attacks
  • more than an introduction is not possible
  • whole lectures may be held on that topic
‣ Security measures do not focus on a single network layer
‣ Different measures try to solve different problems that might occur
‣ There is no single measure that will solve all security issues at once
‣ New types of attacks and new types of countermeasures will evolve
Packets Easy to Read
[Figure: Wireshark]
Network Insecurity
‣ IP packets are easily readable (if provided with the proper tools)
‣ E.g. Wireshark
  • provides the user/network administrator with a graphical user interface for interpreting packets
  • can grab all packets visible to a machine (promiscuous mode in LANs like Ethernet)
  • can sort out TCP streams (check which packets are part of a certain communication)
  • can interpret most protocol packets
‣ You should be familiar with this tool (and others like tcpdump) from the last lectures
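Added example (not part of the original slides): a minimal Python parser that decodes Ethernet/IPv4/TCP headers from raw bytes and sorts payloads into TCP streams, the way the slide describes. The frames, addresses and login strings are constructed sample data.

```python
import struct
from collections import defaultdict

def ip4(addr):
    return bytes(int(o) for o in addr.split("."))

def build_frame(src, dst, sport, dport, seq, payload):
    """Constructed sample frame: Ethernet + IPv4 + TCP, checksums left at zero."""
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ip4(src), ip4(dst))
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Return ((src, sport, dst, dport), seq, payload), or None if not IPv4/TCP."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    total = struct.unpack("!H", ip[2:4])[0]       # IP total length
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or not ihl + 20 <= total <= len(ip):
        return None
    tcp = ip[ihl:total]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_off = (tcp[12] >> 4) * 4                 # TCP header length in bytes
    if not 20 <= data_off <= len(tcp):
        return None
    src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
    return (src, sport, dst, dport), seq, tcp[data_off:]

def follow_streams(frames):
    """Group payloads per one-way TCP stream, ordered by sequence number
    (sequence wrap-around and retransmissions are not handled)."""
    streams = defaultdict(list)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed:
            key, seq, payload = parsed
            streams[key].append((seq, payload))
    return {k: b"".join(p for _, p in sorted(v)) for k, v in streams.items()}

# Constructed capture: a cleartext telnet-style login arriving out of order,
# interleaved with an unrelated HTTP request and a non-IP (ARP) frame.
CAPTURE = [
    build_frame("10.0.0.5", "10.0.0.9", 40000, 23, 1007, b"example-password\r\n"),
    build_frame("10.0.0.7", "10.0.0.9", 40001, 80, 500, b"GET / HTTP/1.0\r\n\r\n"),
    bytes.fromhex("ffffffffffff0200000000010806") + bytes(46),
    build_frame("10.0.0.5", "10.0.0.9", 40000, 23, 1000, b"alice\r\n"),
]
```

Calling `follow_streams(CAPTURE)` returns the two reassembled streams; nothing in the cleartext protocols hides their contents from any machine that sees the frames.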
Network Insecurity
‣ Why are packets so easily readable?
‣ All communication has to follow standards – otherwise no communication would be possible (think of people talking to each other in different languages)
‣ Even non-open protocols, such as certain implementations of Windows network services, are interpretable – the Samba service, for example, was developed through trial and error and reverse engineering
‣ Thus: no security by obscurity!
‣ In the beginning of "The Internet"
  • very few participants in networks
  • very few computers connected to each other
  • very few people with a deep understanding of networking
  • not many network analysis tools available (for free)
Network Insecurity
‣ Restricted computing power of connected machines (in the beginning of IP networking)
  • protocols should be very simple and should not impose high loads on the machine
  • encryption technologies were not common knowledge / restricted for export ("strategic technology")
‣ And: the simplicity of the TCP/IP protocol suite helped the rapid growth of the Internet and fast adaptation for the different operating systems
‣ By now: the Internet is one of the base technologies for information exchange and communication
‣ A wide range of businesses directly depend on this network (online shops, auctions, b2b, multiplayer games, advertisements, porn sites, web services, ... :-))
Network Insecurity
‣ Inter- and intra-firm communication moves from the classic communication media telephone and fax over to mail and similar technologies
  • Sending and reception of a wide range of digital objects
  • E.g. with the "melissa" virus (spectacular some years ago) you could observe employees entering their offices at eight and leaving them at half past nine (no mail and online communication was available – most MS-operated networks)
  • Production and development heavily depend on networks – most information between firms is directly interchanged between databases over the net
  • At the moment: move of telecommunications into IP networks to avoid duplicated infrastructure and cut communication costs
Network Insecurity
‣ Networks could be attacked on all layers
‣ Layer 1 and 2
  • E.g. ARP spoofing in broadcast networks for a man-in-the-middle attack, redirection of default gateway traffic over the attacker's host (earlier exercise)
  • Rather simple within WLANs (unguided media with no distinct boundaries):
    - spamming with corrupt packets or simply noise (microwave oven) – frequency band is rendered unusable
    - breaking the weak WEP algorithm
  • "dialer" programs (mostly history by now) – redirection of Internet traffic over costly dial-in lines (the attack is of course induced via web applications, trojan horses, ...)
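Added example (not part of the original slides): one way a defender can spot the ARP spoofing described above, by parsing ARP payloads and flagging any sender IP whose MAC differs from a pinned or first-seen binding. All addresses and the sample capture are constructed; the function names are hypothetical.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def make_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Constructed sample: 28-byte ARP payload for Ethernet/IPv4."""
    def mac(m): return bytes.fromhex(m.replace(":", ""))
    def ip(a): return bytes(int(o) for o in a.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sender_mac), ip(sender_ip), mac(target_mac), ip(target_ip))

def parse_arp(payload):
    """Return (sender_ip, sender_mac), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ".".join(map(str, spa)), sha.hex(":")

def detect_arp_conflicts(payloads, pinned=None):
    """Flag ARP messages whose sender IP maps to a different MAC than the
    pinned (statically configured) or first-seen binding.
    Returns a list of (index, ip, expected_mac, claimed_mac)."""
    bindings = dict(pinned or {})
    alerts = []
    for i, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        ip, mac = parsed
        expected = bindings.setdefault(ip, mac)    # learn on first sight
        if expected != mac:
            alerts.append((i, ip, expected, mac))  # keep the old binding
    return alerts

GATEWAY, GATEWAY_MAC = "192.168.1.1", "02:00:00:00:00:01"
HOST, HOST_MAC = "192.168.1.10", "02:00:00:00:00:0a"
# Constructed capture: two legitimate messages, then a reply claiming the
# gateway's IP address for a different MAC.
SAMPLE = [
    make_arp(2, GATEWAY_MAC, GATEWAY, HOST_MAC, HOST),
    make_arp(1, HOST_MAC, HOST, "00:00:00:00:00:00", GATEWAY),
    make_arp(2, "02:00:00:00:00:66", GATEWAY, HOST_MAC, HOST),
]
```

A legitimate NIC replacement raises the same alert, so pinning the gateway binding (the `pinned` argument) and reviewing alerts by hand is the realistic use.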
Network Insecurity
‣ Layer 3
  • IP spoofing – forging of IP addresses for good or malicious reasons (a motivation for IPsec)
  • Attacking router protocols, e.g. RIP (II) for redirecting traffic in LANs, ICMP redirects, ...
‣ Layer 4
  • very simple to send unsolicited UDP packets – connectionless service (spoof protocols like SNMP, DHCP, DNS, ...)
  • take over open TCP connections – grab an open telnet, mail, http session to use an authenticated session to a remote host
  • TCP SYN attacks (open as many TCP connections as possible from different hosts and leave them in open state without further communication – a type of distributed denial of service, DDoS)
  • dynamic routing protocols (drop-in replacement for TCP or UDP) have their weaknesses too ...
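Added example (not part of the original slides): a small monitor for the TCP SYN attack described above, counting connections that stay half-open because the client never completes the handshake. The event format, timeout, threshold and sample events are assumptions made for this illustration.

```python
def syn_backlog_report(events, timeout=30.0, threshold=3):
    """Track handshakes seen by one listening port.

    events: (time, src_ip, src_port, flag) in arrival order, where flag is
    "SYN" (client opens) or "ACK" (client completes the three-way handshake).
    Returns (peak half-open count, alert flag, sources that only ever left
    connections half-open).
    """
    pending = {}                      # (src, port) -> time the SYN arrived
    completed, never = set(), set()
    peak = 0
    for t, src, port, flag in events:
        # Expire half-open entries the server would have given up on.
        for key in [k for k, t0 in pending.items() if t - t0 > timeout]:
            never.add(key[0])
            del pending[key]
        if flag == "SYN":
            pending[(src, port)] = t
        elif flag == "ACK" and pending.pop((src, port), None) is not None:
            completed.add(src)
        peak = max(peak, len(pending))
    never |= {src for src, _ in pending}
    return peak, peak >= threshold, sorted(never - completed)

# Constructed events: two normal clients and four sources that send a SYN
# and then stay silent.
EVENTS = [
    (0.0, "10.0.0.5", 40000, "SYN"),
    (0.1, "10.0.0.5", 40000, "ACK"),
    (1.0, "198.51.100.1", 1025, "SYN"),
    (1.1, "198.51.100.2", 1026, "SYN"),
    (1.2, "198.51.100.3", 1027, "SYN"),
    (1.3, "198.51.100.4", 1028, "SYN"),
    (40.0, "10.0.0.6", 40001, "SYN"),
    (40.1, "10.0.0.6", 40001, "ACK"),
]
```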
Network Insecurity and Tunnels
‣ Network tunnels are a special issue in networking and security
  • IPv6-in-IPv4 tunnels (earlier lecture)
  • Virtual Private Networks (VPN) can be set up with the help of tunneling (discussed in a later lecture)
  • Special tunnels for servicing: database producers provide tools to open a service tunnel over HTTP (because all other traffic is blocked)
  • Tunnels for cost optimization (saving real money) ... which we will talk about now
‣ Nowadays, tunneling techniques are popular among users for defeating firewall restrictions to freely access the Internet
‣ A possible definition: tunneling, in the most general sense, means not playing by the rules of the layering concept, thus allowing data to be transferred between the layers without restrictions
Network Insecurity and Tunnels
‣ Tunnels from the view of the protocol stack
Network Insecurity and Tunnels
‣ Legal issues
  • A tunnel in general cannot be considered illegal. However, a tunnel may allow you to commit illegal activities (transfer data without permission, surf the web using a "free" account)
  • For this reason many administrators deal with this problem by introducing rules that forbid the use of tunnels that fool their security systems. People who do not play by the rules will suffer certain penalties (e.g. get fired)
‣ All following explanations are based on the work of the NSTX project team and their freely available source code
IP-over-HTML / IP-over-WAP
‣ Motivation for HTTP tunnels
  • Firewall-secured network with only HTTP connects allowed (via proxy, transparent proxying or alike)
  • Typical scenario found in companies or lecture room environments
  • Problem: lecturer, guest or sales/service official would like to demonstrate some services which require open network access, or simply work remotely with something other than HTTP (getting mail via IMAP etc.)
‣ Motivation for WAP tunnel (obsolete here, but still of use in some other countries like Greece – depending on your mobile provider's business model)
  • Originally there was an ad of a mobile provider (O2) for "flat Internet access for 5 €" (really cool if true, but of course not – just WAP) – thus how to "enhance" the service for general IP
IP-over-HTML / IP-over-WAP
‣ No big difference between WAP2.0 and standard HTTP; you will find a rather similar setup in normal private/secured networks
  • Private IP address range
  • Special gateway/proxy which restricts communication to just some ports
‣ Thus the following focuses on WAP tunnels, but mostly the same applies to other setups
  • Special APN within the O2 network
  • GPRS, private IP network
  • Only ports 8080 (WAP2.0) and 9201 (WAP1.X) were